Showing results for tags 'Poweliks'.

Found 24 results

  1. Hello! After a frustrating day trying to create a user here, the system finally sent me a confirmation email!! Anyway, I have a friend's PC that MWB rootkit scanner found the Poweliks trojan and I ran the clean function several times, even in safe mode, but every time I run it to check that it cleaned it, it's still showing up as infected? I ran Hitmanpro, combofix and adwcleaner as well as the regular malwarebytes scanner and it comes up clean, but the rootkit scanner says it's still present. I installed FRST64 and created the log files which I have attached. Any help would be greatly appreciated. Thanks VERY much! Tom Addition.txt FRST.txt
  2. Somehow, I managed to get infected with Poweliks. It's a bit of a nasty variant that runs without executables, but back in 2014 Malwarebytes trumpeted how they could now block and delete etc it. Meanwhile, in 2016, it was completely oblivious to it, and didn't find a thing. At the end of the day, I had to do what was recommended - download Zemana Antimalware, which did see it and allow me to erase it. Where did I find this suggestion? Why, here on the Malwarebytes forum, by a Malwarebytes representative... Could someone tell me why I should pay for Malwarebytes when even Malwarebytes recommends Zemana? But FYI, MBAM 3 in trial mode cannot find Poweliks. At least it couldn't on my machine.
  3. I believe that my explorer.exe has been compromised by a new version of Poweliks, every time I start up my computer after a few moments a large number of comhost and windows presentation processes show up in my process list and cause my CPU usage to skyrocket from 5% to 80%-99%. In my attempts to remove the malware I booted my computer in safe mode and found with some tinkering that the problems only happen when I run explorer.exe and connect to the internet. On top of this I have also noticed briefly upon shutting down my computer that advertisements will show up as the computer turns off, likely running in the background the entire time. At this time I believe that explorer.exe is the only compromised process as it is the only one that triggers the other programs. I decided to compare my computer's symptoms with reported malware and I think that Trojan.Poweliks is the most likely culprit. I decided to try and run avast, I found that avast refuses to open. So I went and downloaded the installer for Malwarebytes and found that upon running the installer it would simply refuse to start the installation process, no error code or anything, it just wouldn't run. Next I looked on the forums to try and figure out how to get MBAM to install, found a topic saying that chameleon would work, it didn't. After that I tried getting ADW cleaner, it ran just fine but couldn't detect any problems, should've figured as much in hindsight as this is a rootkit infection. Having exhausted these options I found Malwarebytes Anti-Rootkit BETA and decided it was worth a shot, like with MBAM, MBAR wouldn't run. So here I am hoping that someone can help me finally get rid of this thing, it's been on my computer since yesterday and I just want it gone. Thank you for taking the time to help
  4. Hi..I started seeing a bunch of dllhost.exe processes running with the "COM Surrogate" description a few days ago, so downloaded MWB and ran a full scan. It found 65+ entries - mostly PUPs (PUP.Optional.Sigot.A, PUP.Optional.InfoAtoms, PUP.Optional.OpenCandy and PUP.Optional.YTDToolbar) but one Trojan(Trojan.JobLaunch.ODB). MB cleaned all 65 items and put them in quarantine. Rebooted the PC and no longer had any dllhost.exe COM Surrogates running (Yay!) This lasted a few hours..then, MWB started showing frequent "Malicious Website blocked" messages - mostly with fffsee.com and IP 95.215.1.57. I now once again see a bunch of dllhost.exe processes in Task Manager, with a good chunk of CPU and memory being consumed by those processes. I've run Norton Security Suite scans and it quarantined Trojan.Poweliks!gm AFTER MWB quarantined the 65 items. I've run MWB and Norton several times since, and neither is picking up any viruses or malware at this point. (I suspect this is because Poweliks apparently hides itself in a way that is hard for anti-virus and anti-malware software to detect, based on what I've read). My main problem right now is all the "malicious website blocked" popups from MWB on fffsee.com, and the running dllhost.exe COM Surrogates that I can't get rid of. I ran FRST as instructed in the MWB FAQ. Logs are attached. Thanks in advance for any/all help! - J FRST.txt Addition.txt
  5. I am going to attempt & remove poweliks from my computer using the guidance posted in Malwarebytes Unpacked - NO more poweliks! My question before I begin - Can this be done with computer in Safe Mode? Computer has high CPU & memory usage issues as are associated with poweliks infection. Computer is much more responsive & CPU & memory loads are much less in Safe Mode.
  6. Looks like a Poweliks issue... My system is running very slow and seems the memory is taken up with multiple dllhost.exe *32 COM Surrogate running. Malwarebytes identifies outbound traffic to fff5ee.com and other IP addresses when a browser is not even open. Norton 360 warns of Trojan.poweliks and Trojan.adclicker. Once the dllhost.exe process does show up in the task manager MalwareBytes constantly pops up blocking websites of various IPs that are all trying to be accessed by C:\WINDOWS\SysWOW64\dllhost.exe. Addition.txt FRST.txt RKreport_SCN_11022014_220453.log mbam-log-2014-11-02(20-47-29).txt
  7. Need some help getting rid of these... Ran Malwarebytes and then bought upgrade to premium. Found mx infections but can't kill the fff5ee virus. Malwarebytes still gives notice every min or so of blocked fff5ee. Norton is also giving occasional blocks for Poweliks. Have run all the Norton complete virus scans and NPE...no joy. Will be happy to donate to the cause for a little help.... Thanks, Dexter
  8. Hi Mr. Charlie, Sorry - newbie - thanks for guiding me to the right spot. Win 7, Norton IS, had not previously been running Malwarebytes but will be moving forward; your customer service alone, FROM VOLUNTEERS, speaks volumes about the product. I've attached the RogueKiller and Malwarebytes logs. They are from yesterday afternoon - ? - we've probably had the infections for 3 days. Thank you for your time, efforts and patience! Our computers are like our cars; seldom think about them other than basic maintenance, and when they fail - AGH! Can't (voluntarily) live without them. Please let me know what I may do to help you help me, Sincerely, goseeus Malwarebytes Log.txt RKreport_SCN_11022014_153651.log
  9. Hello - I've been reading about a lot of people with a similar problem. About 5 days ago, internet access slowed to a crawl, with lots of "this page cannot be displayed" failures. Opening Windows Task Manager, I noticed many "dllhost.exe *32" processes ("COM Surrogate"), which I could force-quit one by one - but not the "dllhost.exe" (without the "*32"), which it wouldn't let me kill. After force-quitting them all, a few minutes later they would re-appear. No matter how many force-quits, they always pop up. I am running Internet Explorer 11 (version 11.0.13 KB2987107), and in the Internet Option --> Security window, for the "Internet" security zone, I noticed the security level is set to "Custom". When I open the details, there are many things that are enabled. When I reset to default "Medium-High" (which is where I've previously always had it), many of those things are no longer enabled. (If necessary I can post a complete list.) After I do the reset to "Medium-High" and kill all the "dllhost.exe *32" processes, things appear as normal for a few minutes, when suddenly a new swarm of "dllhost.exe *32" processes appear and then when I check Internet Explorer security settings for the Internet, they have magically reset themselves to "Custom". I tried all of these, which did not solve anything: CCleaner, AVGFree 2015, Malwarebytes. (I don't have Norton, McAfee, Kaspersky, etc.) I also noticed that C:\Users\<myname>\AppData\Local\Temp\ fills up with hundreds of folders, sometimes as many as 2-3 per minute for certain stretches when many of these dllhost processes are active. And, just today, as of 8:46AM, AVG 2015 threat detection is blocking/removing "Poweliks" exactly every 60 seconds with a pop-up window: Object Name = "HKEY_USERS\<lots of numbers>" (I can include it if necessary), and Process Name: "C:\Windows\SysWOW64\dllhost.exe" My PC is Dell XPS8300 running Windows 7 Home Premium Service Pack 1. My laptop which is connected to the home network, does not have these problems. I would GREATLY APPRECIATE any help you might offer! Thank you in advance.
  10. Alright, so I just joined and I was having some trouble because I couldn't figure out how to post on the forums, (haha,) but... I read a few of the help guides for removal of poweliks/fff5ee.com, (opens several COM surrogates and jams up the cpu,) and I didn't want to use the fixlogs posted because I wasn't sure if they were system specific or not. I ran combofix already and that didn't seem to help, even though it identified some files. I ran Malwarebytes yesterday and it also i.d. several questionable files as well but now MB won't open to allow me to run another scan even though manager says it's running. Any help would be greatly appreciated, thank you.
  11. I really need some help. After my nephew visited and downloaded some games and other things onto my computer so he could play while he was visiting, I started having problems with a slow computer. My Norton 360 kept saying it was blocking a Poweliks Trojan. I show many processes with dllhost.exe and kqikghfb.exe. If they are deleted/ended, they simply come back. I downloaded Malwarebytes, scanned, and quarantined all that showed up as needing fixed. Now, Malwarebytes is constantly blocking attacks and/or intrusions from the following: honeymods.com dllhost.exe appsruors.com Trojan.Gen.2 ffsee.com Attached are my FRST and Addition files. I would really appreciate some help! Thank you! Addition.txt FRST.txt
  12. My Windows 7 computer has been infected with the poweliks virus. While multitasking I give a quick yes to a fake adobe flash update prompt and then now it barely works. Runs multiple com surrogates and get attack warnings from Norton, I run Norton power eraser, malwarebytes, HitmanPro, TDSSkiller and nothing shows up. Attached txt files from malwarebytes and TDSSkiller. Any help greatly appreciated!
  13. I seem to have picked up a bug, hopefully just the one. Seems to be Poweliks at the very least. Malwarebytes and Norton both give me a clean bill of health. If somebody could get vaccinated, I'd appreciate it. Below are the Farbar results. It wouldn't let me paste the addition too; it said the post was too long. I attached both text files though.
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94208 2013-09-24] (Advanced Micro Devices) [File not signed]R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141024.018\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141024.018\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] 
(Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-25 12:45 - 2014-10-25 12:46 - 00026519 _____ () C:\Users\Jonathan\Desktop\FRST.txt2014-10-25 12:26 - 2014-10-25 12:26 - 00000085 _____ () C:\Windows\wininit.ini2014-10-25 12:24 - 2014-10-25 12:24 - 00854448 _____ () C:\Users\Jonathan\Downloads\SecurityCheck.exe2014-10-25 12:20 - 2014-10-25 12:46 - 00000000 ____D () C:\FRST2014-10-25 12:16 - 2014-10-25 12:16 - 02112512 _____ (Farbar) C:\Users\Jonathan\Desktop\frst64.exe2014-10-25 11:42 - 2014-10-25 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-10-25 11:41 - 2014-10-25 12:07 - 00000000 ____D () C:\Users\Jonathan\Desktop\mbar2014-10-24 18:10 - 2014-10-24 18:10 - 00003278 _____ () C:\Windows\System32\Tasks\{0E84C6BC-3D3A-4923-97F7-3C5A00956517}2014-10-24 17:17 - 2014-10-24 17:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-10-24 17:17 - 2014-10-24 17:17 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk2014-10-24 16:58 - 2014-10-25 12:26 - 00000000 ____D () 
C:\ProgramData\Spybot - Search & Destroy2014-10-24 16:58 - 2014-10-25 12:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-10-24 16:58 - 2014-10-24 16:58 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-10-24 16:53 - 2014-10-24 16:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jonathan\Downloads\spybot-2.4.exe2014-10-24 16:13 - 2014-10-24 16:15 - 00000000 ____D () C:\AdwCleaner2014-10-24 12:47 - 2014-10-24 18:15 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}2014-10-24 12:47 - 2014-10-24 12:47 - 00175648 ___SH (Microsoft) C:\Windows\system32\spinstall.exewdscore.dll2014-10-24 12:47 - 2014-10-24 12:47 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage2014-10-24 11:56 - 2014-10-24 11:56 - 00000000 ____D () C:\Program Files (x86)\ESET2014-10-24 09:17 - 2014-10-24 09:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-16 04:55 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-16 04:55 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-16 04:55 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-16 04:55 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-16 04:55 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-16 04:55 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-16 04:55 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-16 04:55 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-16 04:55 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-16 04:55 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll2014-10-16 04:55 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-16 04:55 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-16 04:55 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-16 04:55 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-16 04:55 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-16 04:55 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-16 04:55 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-16 04:55 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-16 04:55 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-16 04:55 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-16 04:55 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-16 04:55 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-16 04:55 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-16 04:55 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-16 04:55 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-16 04:55 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-16 04:55 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-16 04:55 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll2014-10-16 04:55 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-16 04:55 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-16 04:55 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-16 04:55 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-16 04:55 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-16 04:55 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-16 04:55 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-16 04:55 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-16 04:55 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-16 04:55 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-16 04:55 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-16 04:55 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-16 04:55 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-16 04:55 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-16 04:55 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-16 04:55 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-16 04:55 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-16 04:55 - 2014-09-18 20:50 - 00112128 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-16 04:55 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-16 04:55 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-16 04:55 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-16 04:55 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-16 04:55 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-16 04:55 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-16 04:55 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-16 04:55 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-16 04:55 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-16 04:55 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-16 04:55 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-16 04:55 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-16 04:55 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-16 04:55 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-16 04:55 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-16 04:55 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-16 04:55 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-16 04:55 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) 
C:\Windows\system32\mscorier.dll2014-10-16 04:55 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-16 04:55 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-16 04:54 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-16 04:54 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-16 04:54 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-16 04:54 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-16 04:54 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-16 04:54 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-16 04:54 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-16 04:54 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-16 04:54 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-16 04:54 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-16 04:54 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-16 04:54 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-16 04:54 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-16 04:54 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-16 04:54 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-16 04:54 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-16 04:54 - 2014-07-16 
21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-16 04:54 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-16 04:54 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-16 04:54 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-16 04:54 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-16 04:54 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-15 17:37 - 2014-10-15 17:37 - 00000919 _____ () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk2014-10-15 17:37 - 2014-10-15 17:37 - 00000000 ____D () C:\Program Files\MediaInfo2014-10-10 15:30 - 2014-10-10 15:30 - 00000000 ____D () C:\Users\Jonathan\Documents\My Games2014-10-10 15:26 - 2014-10-10 15:26 - 00000963 _____ () C:\Users\Public\Desktop\FTL.lnk2014-10-10 15:26 - 2014-10-10 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light2014-10-10 15:26 - 2014-10-10 15:26 - 00000000 ____D () C:\Program Files (x86)\FTL2014-10-10 15:03 - 2014-10-10 15:05 - 189232271 _____ (Subset Games ) C:\Users\Jonathan\Downloads\FTL_v1.5.13_Install.exe2014-10-06 11:10 - 2014-10-06 11:36 - 00001879 _____ () C:\Users\Jonathan\Desktop\Samsung Link madswordsman@juno.com.lnk2014-10-06 11:10 - 2014-10-06 11:10 - 00000000 ____D () C:\Users\Jonathan\Samsung Link2014-10-06 11:09 - 2014-10-06 11:09 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\SAMSUNG2014-10-06 11:09 - 2014-10-06 11:09 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung2014-10-06 11:09 - 2014-10-06 11:09 - 00000000 ____D () C:\Users\Jonathan\.swt2014-10-06 11:09 - 2014-10-06 11:09 - 00000000 ____D () C:\Upload2014-10-06 11:09 - 2014-10-06 11:09 - 00000000 ____D 
() C:\ProgramData\SAMSUNG2014-10-06 11:09 - 2014-10-06 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung2014-10-06 11:08 - 2014-10-06 11:09 - 00000000 ____D () C:\Program Files\Samsung2014-10-05 00:51 - 2014-10-05 00:51 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-10-01 05:26 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-01 05:26 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-26 11:24 - 2014-09-26 11:24 - 00000359 _____ () C:\Users\Jonathan\Recycle Bin - Shortcut.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-25 12:41 - 2012-04-05 13:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-25 12:28 - 2011-04-28 15:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-25 12:21 - 2014-07-14 12:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-25 11:41 - 2014-07-14 12:58 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-25 11:18 - 2009-12-22 23:25 - 01802634 _____ () C:\Windows\WindowsUpdate.log2014-10-25 09:23 - 2009-12-22 21:14 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Adobe2014-10-25 01:28 - 2011-04-28 15:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-24 22:08 - 2014-04-30 12:45 - 00013314 _____ () C:\Windows\setupact.log2014-10-24 18:28 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-24 18:28 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-24 18:18 - 2012-09-03 00:26 - 00000000 ____D () C:\Temp2014-10-24 18:17 - 2014-05-03 03:16 - 00279960 
_____ () C:\Windows\PFRO.log2014-10-24 18:17 - 2014-03-19 23:09 - 00000000 ____D () C:\ProgramData\NVIDIA2014-10-24 18:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-24 18:14 - 2014-01-05 22:16 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Battle.net2014-10-24 18:14 - 2013-12-20 15:07 - 00000000 ____D () C:\ProgramData\Oracle2014-10-24 18:12 - 2014-03-19 22:27 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-10-24 18:12 - 2013-12-20 15:07 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-10-24 18:12 - 2013-12-20 15:07 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-10-24 18:12 - 2013-12-20 15:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-10-24 18:12 - 2013-07-02 21:09 - 00000000 ____D () C:\Program Files (x86)\Java2014-10-24 18:05 - 2010-08-21 19:15 - 00000000 ____D () C:\Program Files (x86)\StarCraft II2014-10-24 18:04 - 2014-01-05 22:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-10-24 17:18 - 2009-12-22 21:14 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Adobe2014-10-24 17:17 - 2012-04-05 13:54 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-10-24 17:17 - 2009-08-25 00:22 - 00000000 ____D () C:\ProgramData\Adobe2014-10-24 09:17 - 2014-07-14 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-24 09:17 - 2014-07-14 12:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-23 10:34 - 2010-05-17 19:26 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\CrashDumps2014-10-21 01:23 - 2011-04-28 15:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-21 01:23 - 2011-04-28 15:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-19 21:30 - 2014-05-19 11:59 - 00000000 ____D () C:\Users\Jonathan\My Movies2014-10-18 19:23 - 2010-10-27 11:40 - 00000000 ____D () 
C:\Users\Jonathan\AppData\Local\Windows Live2014-10-18 12:07 - 2014-08-22 16:43 - 00000000 ____D () C:\Users\Jonathan\Downloads\WinDlg2014-10-18 08:21 - 2009-12-22 23:26 - 00000000 ____D () C:\Users\Jonathan2014-10-18 08:16 - 2012-05-10 09:26 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\MotoCast2014-10-17 06:11 - 2012-09-03 00:28 - 00000000 ____D () C:\Users\Jonathan\.gstreamer-0.102014-10-17 05:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-10-17 04:26 - 2014-04-24 16:09 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-17 03:26 - 2009-07-14 00:45 - 01119520 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-17 03:25 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-17 03:07 - 2009-08-25 00:24 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-17 03:04 - 2013-07-12 03:04 - 00000000 ____D () C:\Windows\system32\MRT2014-10-17 03:00 - 2010-01-12 15:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-17 02:19 - 2014-01-27 09:53 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect2014-10-15 19:21 - 2012-09-25 16:07 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft2014-10-15 17:38 - 2009-12-22 21:13 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\VirtualStore2014-10-14 09:37 - 2009-07-14 01:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-10 10:17 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp2014-10-06 11:14 - 2014-09-24 13:52 - 00000000 ____D () C:\Users\Jonathan\Downloads\Amy Email Pics2014-10-05 00:51 - 2013-11-18 04:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602014-10-05 00:51 - 2012-07-04 10:41 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2014-10-05 00:51 - 2009-12-22 21:46 - 00000000 ____D () C:\Windows\system32\Drivers\N360x642014-10-01 11:11 - 2014-07-14 12:58 - 00063704 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys2014-10-01 11:11 - 2010-05-26 20:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-10-01 10:39 - 2010-07-20 15:37 - 00000000 ____D () C:\Program Files (x86)\Steam ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 00:57 ==================== End Of Log =========================== FRST.txt Addition.txt
  14. Hi, first of all thanks in advance for the help you could provide me. I will try to be short but detailed. I noticed my laptop Dell Latitude running slow and overheating after a Windows Update and I began to notice pop-ups from Norton telling me that COM Surrogate was consuming too much memory. Here began the nightmare. I ran Norton, Viprerescue, Microsoft Scanner, Norton Power Eraser, Kaspersky, etc. and all of them found no threat. I contacted Norton support and they performed a remote session and did something through the cmd and after all, they told me everything was clear. Great!! But not. The PC was fast as before but many features, programs and shortcuts didn't respond to the mouse click. Can't open programs, etc. By the way I am not an IT but I love PCs. I was checking under windows/system32 and there is a dllhost.exe file and its properties look good. But there is another dllhost.exe under windows/syswow64 and that one looks weird: properties different, permissions and security details look bad. When the permissions under the Security tab in the properties of the file are denied it works fine, but then there is no response from certain features and programs; if I change the permissions and allow everything, those features work but COM Surrogate begins to consume high memory. Also I checked the same files on my wife's PC and both dllhost.exe are in those locations, windows system32 and syswow64, but look perfect and work perfectly. I hope you can understand and appreciate your help and support. Thanks a lot in advance.
  15. Recently started having problems with IE10 (Downloads blocked), Symantec notifying me of infection Poweliks, and multiple versions of dllhost.exe *32 COM Surrogate running. Seems more pronounced after opening IE10. I ran Malwarebytes several days ago, and it did find some problems and quarantined them. Problems are recurring, so I'm turning to you folks for help. Made another scan tonight with Symantec disabled. Results log posted below. Also ran FRST, results attached. Thanks in advance for your help!

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 10/23/2014
      Scan Time: 8:45:35 PM
      Logfile: MWBLog1.txt
      Administrator: Yes

      Version: 2.00.3.1025
      Malware Database: v2014.10.23.09
      Rootkit Database: v2014.10.22.01
      License: Free
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled

      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: cdare

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 383466
      Time Elapsed: 6 min, 23 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 0
      (No malicious items detected)

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 0
      (No malicious items detected)

      Physical Sectors: 0
      (No malicious items detected)

      (end)

      Addition.txt FRST.txt
  16. Alright, so I just joined and I was having some trouble because I couldn't figure out how to post on the forums, (haha,) but... I read a few of the help guides for removal of poweliks/fff5ee.com, (opens several COM surrogates and jams up the CPU,) and I didn't want to use the fixlogs posted because I wasn't sure if they were system specific or not. Any help would be greatly appreciated, thank you. (Also, I ran combofix already and that didn't seem to help, even though it identified some files.)
  17. I got the Trojan while browsing the web. The computer started to slow down and it started downloading small files; by the time I noticed it, it had downloaded about 2 gigs worth of files. Scanned it with RogueKiller, it showed the Poweliks Trojan. Unfortunately I can't get rid of the container, it keeps coming back. I used MSE, Malwarebytes, JRT, ESET, AdwCleaner. Thank you for the help! Here are the Farbar files: FRST.txt Addition.txt
  18. I am getting the Malicious website warning and need help in removing the root cause. This problem has persisted for a few weeks and has proven stubborn. The result is that it is hogging my home network, making it difficult to use. Some history: In summary I ran the following, in this rough order (after removing Trend Micro): Kaspersky TDSSKiller, RKill, Malwarebytes Anti-Malware, Hitman Pro (beta version), RogueKiller, AdwCleaner, Junkware Removal Tool, ESET, Emsisoft. - Result of the above: Malwarebytes did not catch anything in the scan but after I put it on it started to block several Malicious Websites (all outbound). RogueKiller found 'Trojan Poweliks' and it deleted it. That worked for a while (2 hours without shutdown) but then the Malicious Website warning re-appeared. The problem came back immediately upon reboot. - So then I did: Norton Power Eraser followed by Sophos. Norton picked up nothing but Sophos picked up and cleaned 'TROJ/PeeacMem-A'. - So I then used RogueKiller to get rid of Poweliks, followed by Sophos to get rid of Peeac... and I thought I was clear. - But it all keeps coming back. I noticed there are posts on this forum with similar problems and it looks like solutions were found. I would like to see if I can solve this (with help) before I wipe the drive.
  19. Seems to be a very fast spreading malware out there going by Poweliks, which is what I believe has infected my system. After reading through a couple of logs I ran the Farbar scan and came up with this. Any help is much appreciated. Addition.txt FRST.txt
  20. Infected with Poweliks.... Ran the Sophos removal tool and it finds the infection but will not remove it. Ran RogueKiller with the same results. It finds the infection but will not remove it. Any help would be greatly appreciated. Thank you. Addition.txt FRST.txt mbam-log-2014-10-08 (20-17-17).xml
  21. Please help. My computer has been infected by Poweliks. Every time I run a Malwarebytes scan I get two registry keys that show up as infected by rootkit.poweliks (detected item rootkit.poweliks -HKLM\SOFTWARE\CLASSES\CLSID\{73E709EA-.......). It identifies this every time, these are deleted and then I reboot; it comes back with it again. I have attached the scan log. Also attached are the scan logs from Farbar Recovery Scan Tool. Appreciate any help. 8_20.txt FRST.txt Addition.txt
  22. I have run Malwarebytes (free edition) 15/20 times; every time it finds two registry keys (detected item rootkit.poweliks -HKLM\SOFTWARE\CLASSES\CLSID\{73E709EA-.......). It identifies this every time, these are deleted and then I reboot; it comes back with it again. Is there a solution to rootkit.poweliks? Have been reading online for a solution and no luck. Have tried a couple of other tools - RogueKiller, AVG. Appreciate any help.
  23. A new attack has arisen and I wondered if your Premium version of Malwarebytes software stops the attack? LINK